DevTest - IAM configuration for reduced DB permissions

By far the easiest way to configure IAM to use an external database is to use the DevTest_Home/IdentityAccessManager/bin/DataSourceUpdater executable.

Note: To use this application, the DB user must have DBA privileges. Once the data source has been updated, the privileges can be reduced if needed. However, in some environments DBA privileges are forbidden and the changes must be made by hand.

Environment:

DevTest 10.4.0

Instructions:

There are four supported databases: Oracle, MySQL, MSSQL and DB2. These instructions have been tested with Oracle and MySQL, but the other two should be similar.

Note: There are DB vendor-specific changes.

1. cd DevTest_Home/IdentityAccessManager
2. Copy the standalone directory to standalone-original. This allows reverting to the original setup if needed.
3. cd standalone/configuration
4. Copy standalone.xml to standalone-orig.xml
5. Edit standalone.xml
6. Search for "KeycloakDS" - it should be around line 137

***************For Oracle:***************

7 (Oracle). Change the next line from:

    <connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url>

to (edit as needed):

    <connection-url>jdbc:oracle:thin:@<db host>:<db port>:<DB></connection-url>
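A check to run after the hand edit in step 7, as an added example that is not part of the original article or of DevTest's own tooling. It assumes the datasource pool name is KeycloakDS; the sample XML, its namespace versions and the host name dbhost.example are constructed for illustration.

```python
import re
import sys
import xml.etree.ElementTree as ET

# Shape of the Oracle URL shown in step 7: @host:port:DB
ORACLE_THIN = re.compile(r"jdbc:oracle:thin:@[^:\s<>]+:\d+:[^:\s<>]+$")

# Constructed, minimal stand-in for standalone.xml (namespace versions are assumed).
SAMPLE = """<server xmlns="urn:jboss:domain:10.0"><profile>
<subsystem xmlns="urn:jboss:domain:datasources:5.0"><datasources>
<datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS">
<connection-url>{url}</connection-url>
</datasource></datasources></subsystem></profile></server>"""

def local(tag):
    """Strip the XML namespace so the check works across subsystem versions."""
    return tag.rsplit("}", 1)[-1]

def check_datasource(xml_text, pool="KeycloakDS"):
    """Return a list of problems found in the named datasource (empty means OK)."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # Unedited <db host> placeholders end up here: they are not valid XML.
        return [f"standalone.xml is not well-formed: {exc}"]
    for el in root.iter():
        if local(el.tag) == "datasource" and el.get("pool-name") == pool:
            break
    else:
        return [f"datasource {pool} not found"]
    url = next((c.text or "" for c in el if local(c.tag) == "connection-url"), "").strip()
    problems = []
    if not url:
        problems.append("connection-url is missing or empty")
    elif url.startswith("jdbc:h2:"):
        problems.append("connection-url still points at the embedded H2 database")
    elif url.startswith("jdbc:oracle:thin:") and not ORACLE_THIN.match(url):
        problems.append("Oracle URL is not in @host:port:DB form")
    return problems

if __name__ == "__main__":
    # Usage: python check_ds.py standalone/configuration/standalone.xml
    with open(sys.argv[1], encoding="utf-8") as fh:
        for problem in check_datasource(fh.read()):
            print(problem)
```

If the check reports a problem, standalone-orig.xml from step 4 is the known-good copy to compare against or restore.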

***************For Oracle:***************

15 (Oracle). Create this directory path: DevTest_Home/IdentityAccessManager/modules/oracle/jdbc/driver/oracledriver/main
16 (Oracle). Copy the Oracle driver into this directory.
17. In the same directory, create a file named: module.xml
18. Copy these contents into module.xml:

    <?xml version='1.0' encoding='UTF-8'?>

***************For MySQL:***************

15 (MySQL). Create this directory path: DevTest_Home/IdentityAccessManager/modules/com/mysql/jdbc/driver/main
16 (MySQL). Copy the MySQL driver into this directory.
17. In the same directory, create a file named: module.xml
18. Copy these contents into module.xml:

    <?xml version='1.0' encoding='UTF-8'?>